Stay connected

Trending News

Siemens SICAM A8000 RTUs
ICS, News, Vulnerabilities

Siemens SICAM A8000 RTUs 

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SICAM A8000 Remote Terminal Unit Series Vulnerability: Protection Mechanism Failure  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized read or write access to network traffic to…

Siemens Products using TightVNC
ICS, News, Vulnerabilities

Siemens Products using TightVNC 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC ITC Industrial Thin Clients, SIMATIC WinCC Runtime Advanced/Professional, SIMATIC HMI Panels, SIPLUS extreme products Vulnerabilities: Heap-based Buffer Overflow, NULL Pointer Dereference, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities…

Siemens SIMATIC Controller Web Servers
ICS, News, Vulnerabilities

Siemens SIMATIC Controller Web Servers 

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Controller Web Servers Vulnerability: Uncaught Exception 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the…

Siemens LOGO! Soft Comfort
Vulnerabilities

Siemens LOGO! Soft Comfort (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: LOGO! Soft Comfort Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-134-03 Siemens LOGO! Soft Comfort that was published May 14, 2019, on…

Siemens LOGO! 8 BM
ICS, News, Vulnerabilities

Siemens LOGO! 8 BM (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! 8 BM Vulnerabilities: Missing Authentication for Critical Function, Improper Handling of Extra Values, Plaintext Storage of a Password 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled…

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C
ICS, News, Vulnerabilities

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update D) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable from the same local network segment (OSI Layer 2) Vendor: Siemens Equipment: SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C Vulnerability: Heap-based Buffer Overflow  2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-18-165-01…

Siemens LOGO! (Update A)
ICS, News, Vulnerabilities

Siemens LOGO! (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! Vulnerabilities: Insufficiently Protected Credentials, Man-in-the-Middle 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-243-02 Siemens LOGO! that was published August 31, 2017, on the ICS webpage…

Rockwell Automation FactoryTalk Linx
ICS, News, Vulnerabilities

Rockwell Automation FactoryTalk Linx 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Linx Vulnerabilities: Improper Input Validation, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a denial-of-service condition, remote code execution, or leak information that could be used…

Fuji Electric V-Server Lite
ICS, News, Vulnerabilities

Fuji Electric V-Server Lite 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fuji Electric Equipment: V-Server Lite Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for remote code execution on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of V-Server…

Johnson Controls Sensormatic Electronics American Dynamics victor Web Client
ICS, News, Vulnerabilities

Johnson Controls Sensormatic Electronics American Dynamics victor Web Client 

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls Equipment: American Dynamics victor Web Client, Software House C•CURE Web Client Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker on the network to…